certgen

package v0.0.0-...-1dc6284

This package is not in the latest version of its module.
Published: Mar 15, 2023 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Package certgen generates (pre-)certificates and (pre-)certificate chains.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CA

type CA struct {
	SigningCert *x509.Certificate
	SigningKey  crypto.Signer
	CertConfig  CertificateConfig
}

CA is a Certificate Authority that issues certificates and certificate chains using its SigningCert and SigningKey.

func (*CA) IssueCertificate

func (ca *CA) IssueCertificate() (*x509.Certificate, error)

IssueCertificate creates a new leaf certificate, issued by the key specified in the SigningCert and SigningKey fields of the CA, and configured using the CertConfig in the CA.

func (*CA) IssueCertificateChain

func (ca *CA) IssueCertificateChain() ([]*x509.Certificate, error)

IssueCertificateChain creates a certificate chain, containing a new leaf certificate (as created by IssueCertificate) and the certificate for the key that signed it (stored in the SigningCert field of the CA).

func (*CA) IssuePrecertificate

func (ca *CA) IssuePrecertificate() (*x509.Certificate, error)

IssuePrecertificate creates a new leaf precertificate, issued by the key specified in the SigningCert and SigningKey fields of the CA, and configured using the CertConfig in the CA.

func (*CA) IssuePrecertificateChain

func (ca *CA) IssuePrecertificateChain() ([]*x509.Certificate, error)

IssuePrecertificateChain creates a certificate chain, containing a new leaf precertificate (as created by IssuePrecertificate) and the certificate for the key that signed it (stored in the SigningCert field of the CA).

TODO(katjoyce): Add precert-signing-cert functionality.

type CertificateConfig

type CertificateConfig struct {
	// Required fields
	//
	// What these are set to, including the zero values if left unset, is what
	// will appear in the leaf certificates.
	SubjectCommonName         string
	SubjectOrganization       string
	SubjectOrganizationalUnit string
	SubjectLocality           string
	SubjectCountry            string
	SignatureAlgorithm        x509.SignatureAlgorithm

	// DNSPrefix is a prefix that will be used in conjunction with the
	// SubjectCommonName to create a more specific DNS SAN.
	DNSPrefix string
	// NotAfterInterval specifies an interval in which the NotAfter time of a
	// certificate must fall.
	//
	// For example, if a certificate is being generated to be submitted to a
	// temporal CT Log shard, then, in order to be accepted by the Log, its
	// NotAfter value must fall within the Log's temporal range, so this field
	// would be set to the temporal interval of the Log.  However, if a
	// certificate is being generated to be submitted to a non-temporal CT Log,
	// this field should be left unset/set to nil.
	NotAfterInterval *interval.Interval
}

CertificateConfig contains details to be used to populate newly created leaf certificates.
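As an added example that is not part of the certgen package, the issuing flow documented above written against the Go standard library: a self-signed CA plays the SigningCert/SigningKey role, the leaf's Subject and DNS SAN are derived from the SubjectCommonName and DNSPrefix fields, and the NotAfterInterval rule is enforced before anything is signed. The Interval type, the "<DNSPrefix>.<SubjectCommonName>" SAN joining rule and the half-open interval semantics are assumptions made here, not behaviour taken from the package.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

type Interval struct{ Start, End time.Time } // stands in for interval.Interval; assumed half-open: Start <= NotAfter < End

// issue generates a P-256 key for tmpl and signs tmpl with parentKey; nil parentKey with tmpl as its own parent self-signs.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parentKey == nil {
		parentKey = key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewTestCA plays the SigningCert/SigningKey role: a constructed self-signed CA valid for ten years from now.
func NewTestCA(now time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Test CA"}, NotBefore: now,
		NotAfter: now.AddDate(10, 0, 0), KeyUsage: x509.KeyUsageCertSign, IsCA: true, BasicConstraintsValid: true}
	return issue(ca, ca, nil)
}

// IssueLeaf mirrors IssueCertificate: SANs are commonName and "<dnsPrefix>.<commonName>" (assumed joining rule), and a
// NotAfter outside the Log's temporal interval is refused before any key is generated, as the shard would reject it anyway.
func IssueLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, commonName, dnsPrefix string, notBefore, notAfter time.Time, shard *Interval) (*x509.Certificate, error) {
	if shard != nil && (notAfter.Before(shard.Start) || !notAfter.Before(shard.End)) {
		return nil, errors.New("certgen: NotAfter falls outside the Log's temporal interval")
	}
	leaf, _, err := issue(&x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: commonName},
		DNSNames: []string{commonName, dnsPrefix + "." + commonName}, NotBefore: notBefore, NotAfter: notAfter,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}, ca, caKey)
	return leaf, err
}
```

A leaf issued this way, together with the CA certificate, forms the two-element chain that IssueCertificateChain describes, and verifies against a root pool holding only that CA.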
